Newsroom Update
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
Have a mac mini server with 10.8 and server 2.2.1 on the internal network that has the log files filling up with some crazy entries:
May 10 17:11:51 myservername.mydomain.com mDNSResponder[43]: CacheRecordAdd: db._dns-sd._udp.0.##.##.##.in-addr.arpa. (PTR) has 4167 answers; shedding records to resist DOS attack
thousdands of these lines. Since its on an internal network, pretty sure we are not getting a DOS attack... or are we?
Mac mini
mDNSResponder is part of Bonjour. It seems to put lots of info in the log. If you google it, you'll see lots of people complaining about all kinds of scary sounding log entries that basically mean nothing.
mDNSResponder is part of Bonjour. It seems to put lots of info in the log. If you google it, you'll see lots of people complaining about all kinds of scary sounding log entries that basically mean nothing.
With some guesses around the scale of your network and its particular configuration... If you're not using Bonjour on your internal network, then look to filter the mDNS traffic at your switches. If you are, then consider setting up or tailoring vLANs for smaller groups.
There is no DOS attack. The text of the message is poorly chosen. Your internal network is configured in an unusual way and is allowing messages to bounce around internally forever. A DNS query is getting thousands of replies which is probably just one or two replies bounced around repeatedly from switch to switch. That message from the Mac is just a warning that the Mac isn't bothering to look at all the replies to see if they agree with one-another, it is ignoring most of them.
If you have a curious network technician you might tell them about this message but it's not causing your computer any significant harm, it's just a sign that useless messages are clogging your internal network, possibly slowing it down for genuine traffic.
Found this via Google. I'll add to the chorus that my Mac Mini Server (10.8.5) was doing the same thing tonight. It said there were millions of answers, which was impossible. I have a pretty simple network with a Router/AP and an 8-port unmanaged switch connected to that. My system.log file had grown to 4GB in just two hours, and the CPU usage of mDNSResponder was pretty high.
I solved it by restarting the server.
For anyone else finding this, I stopped the messages by issuing Terminal command...
sudo killall mDNSResponder
It respawns after killing. First tried a -HUP but that had no effect. No idea if the forced kill had any effect on other services (none reported) but I couldn't do a restart but needed to track other log messages (which was impossible with all the mDNS ones).
Shredding records to resist DOS attack
